Microsoft has just fixed a major security flaw in its security software, Microsoft Defender. The problem, which dates back to 2014 and affects Windows 10, allowed locations to be excluded from the antivirus scan and therefore any malware to be installed, with Windows none the wiser.
As we mentioned a few weeks ago, a security flaw seriously threatens the Microsoft Defender antivirus. This flaw, present since 2014, makes it possible to bypass the antivirus's security measures because of a faulty registry key. The key HKLM\Software\Microsoft\Windows Defender\Exclusions contains all locations excluded from antivirus scanning. The problem is that this key is easily accessible, since it is accessible to the Everyone group. A command line or a quick trip to the Windows Settings is enough to modify its contents.
From then on, an attacker can install any type of malware on a PC and have the antivirus miss it completely. Of course, this requires local access to the machine, so the attacker must already have control of the PC in question. But where several accounts have been created (one as an administrator and the others as guests or with restricted privileges), an attacker using a guest account can easily save malware on the victim's PC. Once that is done, they can take full control of it, steal other accounts' personal information, etc.
Microsoft fixes an issue with locations excluded from Windows Defender scanning
Microsoft has not yet commented on this flaw, which was discovered very recently and has been present since the very beginning of Windows 10. But the Redmond publisher has evidently done what was needed. Accessing the list of locations excluded by the antivirus now requires administrator privileges, regardless of the route used: the command line or the Windows security settings.
Security expert Antonio Cocomazzi explains on Twitter that Microsoft has closed the flaw. This was confirmed by another researcher, Will Dormann, who works at CERT/CC. Because the Redmond publisher patched its OS as discreetly as possible, it is not known whether the patch is part of the February 2022 Patch Tuesday or whether Microsoft released it by another means, such as a regular Microsoft Defender update. As a precaution, run an update via Windows Update; this should protect you in either case.
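To check whether a given machine still exposes the exclusions key to broad groups, its access control list can be inspected directly. The PowerShell below is an added example, not code from Microsoft or the researchers cited; it reports Allow entries on the key for Everyone and, as an addition beyond what the article names, for Authenticated Users and BUILTIN\Users.

```powershell
# Added example (not Microsoft's code): list broad groups allowed on the exclusions key.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions'  # key named in the article

# Well-known SIDs are matched instead of names so the check works on localized Windows.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'              # the group the article names
    'S-1-5-11'     = 'Authenticated Users'   # added for this audit
    'S-1-5-32-545' = 'BUILTIN\Users'         # added for this audit
}

# Specific registry rights that let a principal read or change the exclusion values.
# Entries expressed as generic rights will not set these bits; check the Rights column.
$readBit  = [int][System.Security.AccessControl.RegistryRights]::QueryValues
$writeBit = [int][System.Security.AccessControl.RegistryRights]::SetValue

function Get-BroadExclusionAccess {
    param([string]$Path = $keyPath)

    # Throws if this account cannot read the key's security descriptor.
    $acl     = Get-Acl -Path $Path -ErrorAction Stop
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Explicit and inherited entries, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (-not $broadSids.ContainsKey($sid))   { continue }

        $mask = [int]$rule.RegistryRights
        [pscustomobject]@{
            Principal = $broadSids[$sid]
            Rights    = $rule.RegistryRights
            CanRead   = (($mask -band $readBit)  -ne 0)
            CanWrite  = (($mask -band $writeBit) -ne 0)
            Inherited = $rule.IsInherited
        }
    }
}

try {
    $findings = @(Get-BroadExclusionAccess)
    if ($findings.Count -eq 0) {
        'No Allow entry for Everyone, Authenticated Users or BUILTIN\Users on the exclusions key.'
    } else {
        $findings | Format-Table -AutoSize
    }
} catch {
    Write-Warning "Could not read the ACL of ${keyPath}: $($_.Exception.Message)"
}
```

Run it from an elevated prompt so the ACL itself can be read; any row returned for Everyone means that group can still reach the exclusions key on that machine.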
The flaw in question affects Windows 10 but does not concern Windows 11. Remember, however, that Windows 10 remains the most widespread version of the OS, used by 70% of computer users in the world (source: Netmarketshare).
Source: Bleeping Computer